More and more personal data is being stored on ever smaller and more mobile devices. The risk that sensitive data regarding identity, access codes, or business information could be compromised if one of these devices is misplaced increases with the amount of information that can be stored on them and their increasingly pervasive use. Requiring the entry of security codes or keys is a partial solution, but the efficacy of this solution decreases to the extent that the data onboard the device can be used if the mobile device lands in the wrong hands.
Portable electronic devices such as cellular telephones, personal digital assistants (PDAs), wireless email devices, instant messaging devices, pagers, portable compact disk (CD) players, portable MP3 players, and others are often forgotten, lost, or stolen (a “PED” includes any portable device that can be used for communication, performing intellectual and/or physical work, and/or entertainment).
Current data protection solutions consist of:
Password authentication,    User passwords are generally short and can be bypassed by reinstalling the operating system or the application. Passwords can be hacked through several methods including guessing, observation, and installing Trojan Horses (A virus in which malicious or harmful code is contained inside apparently harmless programming or data).
File encryption and decryption on entry of a password,    Some market available applications allow the user to define a password and to select an encryption method and an encryption key length. This application generally does either a bulk encryption or a file encryption on saving and a decryption on user opening a file.    In this method, the decryption key is generally encrypted and stored on the same computer as the encrypted data; this is analogous to locking a safe, and hiding the safe key under the door of the safe. Not only that, the decryption key is generally decrypted when the user enters a short password (generally less than 10 digits) and stored in a fixed location in memory during the whole duration of the user session and is used every time a file requires decryption.    A malicious program can find the decryption key and make it available to a hacker. Furthermore, recent techniques of cooling memory can make the decryption key available to a hacker for a period following system shut down.
SECUREID code for access to network,    SECUREID is cumbersome and inconvenient for the user. SECUREID is good at protecting a server from unauthorized access, and at validating users over a network. However, it fails to work in un-networked environment, and can have response latency.
USB dongle,    USB dongle is used to authenticate a user through the presence of a hardware device with a specific ID. USB dongles can be duplicated by experts.
PCs software like LOCKITNOW™ provides the ability to pair a computer with a mobile phone, and have the Windows login unlock when the user is in proximity and lock when the user is out of proximity.
RFID Key    Some high end cars provide RFID keys for contactless door access and engine start.
Another method for protecting data onboard a personal electronic device (PED) is disclosed in U.S. patent application 60/199,538, titled: Automatic data encryption and access control based on BLUETOOTH device proximity which decrypts data on contact with a paired BLUETOOTH device, and encrypts the data on loss of contact. This method is inefficient, can cause data corruption, and more importantly, it does not provide high level security. The Bluetooth ID of paired Bluetooth device can be obtained from the operating system, and can be used to fake the BLUETOOTH device.
It is noted that PED can refer to a computer, a mobile phone, a handheld device, an information system, a vehicle electronic computer, or any electronic system.
US Patent application publication 20050280546 discloses two mobile transceivers that are linked through a BLUETOOTH link. The BLUETOOTH enabled RF link between the first and second mobile transceiver units forms a monitoring piconet. The second mobile transceiver unit provides an alarm indication when the first mobile transceiver unit moves beyond a distance of approximately ten meters from the second mobile transceiver unit. The second device repeatedly pages the first device, and waits for a response. If a response is not received, an alarm is issued. This method has been tested and found to be unreliable due to high energy consumption and due to the human body blocking Bluetooth signals.
U.S. Pat. No. 6,885,848 is directed to an apparatus for preventing the loss of a portable telephone that uses BLUETOOTH communication protocol. The signal strength is periodically monitored and an alarm issued to the headphone when the signal is below a threshold. BLUETOOTH protocol provides for a received signal strength indicator (RSSI) value or the Link Quality value to be determined at any time. If the value received is below a threshold, an alarm is issued to the headphone. This system may reduce the chance that a portable telephone is lost or stolen, but if the mobile phone falls in the wrong hands, this system does not prevent the data from being accessed.
Thus, a need exists for a method and apparatus for securing assets and sensitive data on them that are reliable, simple to use, cost effective, mobile, adaptable and secure that consists of: Separating the location of encrypted data and encryption key. Data should be encrypted at all times, and should be decrypted in memory only when it is requested by the user and after wirelessly validating security credentials. The key should be personalized, non-sharable. An administrator should be able to initialize, distribute and manage the keys remotely. An administrator should be able block and to replace keys in case of loss or theft without compromising the security of a number of devices and without compromising access to existing data.